spf-discuss
[Top] [All Lists]

Re: Conflict with challenge/response filters

2005-07-05 16:11:04
Stuart D. Gathman wrote:
Gunnar Hjalmarsson wrote:
To make my mail server SPF compliant, I have it do SRS-rewriting of
all outgoing envelope-from addresses, using the method described at
http://srs-socketmap.info/sendmailsrs.htm

Not sure why this is needed to be "SPF compliant", but it is useful
for blocking bogus bounces or having only one SPF record for all
outgoing domains.

"SPF compliant" was maybe not the best term...

having all outgoing envelope-from addresses rewritten clashes with
the challenge/response approach. Not that I personally care much
about the latter, but some users may consider it a problem.

Anybody who knows of a simple solution to this problem?

I just add such services to 'no-srs-forwarders', which turns off
SRS/SES for that recipient domain in my implementation.

Hmm.. Yes, that does sound sensible. Thanks!

Are you (or somebody else) possibly able to point me to some resource that describes (in detail) how it can be done on sendmail? (I'm not a mail server pro, just an Internet hobbyist who signed up for a VPS last year.)

Other related comments?

If you are doing SRS because you are a forwarding service

I'm not a forwarding service, but
A) any user may redirect incoming email to external addresses (I know some do), and B) there are a couple of scripts on the server which send messages on behalf of people, and I want to prevent problems for the case the scripts send messages on behalf of addresses with SPF records that don't reflect that fact.

Doctor, doctor!  It hurts when I do this...

Spam fighting via sender authentication will indeed hurt a lot for a long time, i.e. as long as there is not *one* global standard for the purpose. Hopefully that one standard will be similar to SPF. ;-)

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl